Content Comparison

Table of Contents

minLevel	2
maxLevel	2
type	flat

...

The Akamai Event Viewer Collector is designed to retrieve and aggregate event data related to user activities and configuration changes from the Akamai platform. Leveraging Akamai's Event Viewer API, this collector enables seamless access to historical event logs, allowing organizations to centralize operational insights and track important system events. By integrating this data into external monitoring or analytics platforms, organizations can enhance their auditing capabilities, streamline troubleshooting, and maintain a comprehensive record of key actions performed within their infrastructure.

Devo collector features

Feature	Details
Allow parallel downloading (`multipod`)	`not allowed`
Running environments	`collector server` `on-premise`
Populated Devo events	`table`
Flattening preprocessing	`no`

Data sources

Data Source	Description	API Endpoint	Collector Service Name	Devo Table	Available from release
Event Viewer events	Retrieves user activity and system configuration events. Paginated data ensures efficient retrieval and access to historical logs.	`/event-viewer-api/v1/events`	event_viewer_events	cdn.akamai.eventviewer	v1.0.0

For more information on how the events are parsed, visit our page ← LINK TO THE PARSER ARTICLE IF EXISTS

Flattening preprocessing

This collector does not implement flattening.

...

Info
This minimum configuration refers exclusively to those specific parameters of this integration. There are more required parameters related to the generic behavior of the collector. Check setting sections for details.

Setting	Details
`access_token`	The access token is required to authenticate requests to the Akamai SIEM API.
`client_secret`	The client secret is required for secure authentication alongside the access token.
`client_token`	The client token is necessary for identifying and authenticating API requests.
`host`	The host specifies the endpoint for the Akamai SIEM API, typically in the format `{host}`.
`configs_id`	The configuration ID identifies the specific set of logs or security events to retrieve.

Info
See the Accepted authentication methods section to verify what settings are required based on the desired authentication method.

Accepted authentication methods

EdgeGridAuth	Details
`access_token`	The access token is required to authenticate requests to the Akamai SIEM API.
`client_secret`	The client secret is required for secure authentication alongside the access token.
`client_token`	The client token is necessary for identifying and authenticating API requests.

Run the collector

Once the data source is configured, you can either send us the required information if you want us to host and manage the collector for you (Cloud collector), or deploy and host the collector in your own machine using a Docker image (On-premise collector).

This data collector can be run in any machine that has the Docker service available because it should be executed as a docker container. The following sections explain how to prepare all the required setup for having the data collector running.

Structure

The following directory structure should be created for being used when running the collector:

<any_directory> └── devo-collectors/ └── <product_name>/ ├── certs/ │ ├── chain.crt

Rw ui tabs macro

Rw tab

title

On-premise collector

Code Block

Cloud collector

We use a piece of software called Collector Server to host and manage all our available collectors. If you want us to host this collector for you, get in touch with us and we will guide you through the configuration.

To enable the collector for a customer:

In the Collector Server GUI, access the domain in which you want this instance to be created
Click Add Collector and find the one you wish to add.
In the Version field, select the latest value.
In the Collector Name field, set the value you prefer (this name must be unique inside the same Collector Server domain).
In the sending method select Direct Send. Direct Send configuration is optional for collectors that create Table events, but mandatory for those that create Lookups.
In the Parameters section, establish the Collector Parameters as follows below:

Editing the JSON configuration

Code Block

language	json

{
  "global_overrides": {
    "debug": false
  },
  "inputs": {
    "akamai-event-viewer": {
      "id": "<short_unique_id>",
       │"enabled": true,
  ├── <your_domain>.key   "credentials": {
    │   └── <your_domain>.crt
"access_token": "<access_token_value>",
       ├── state/
 "client_secret": "<client_secret_value>",
       └── config/  "client_token": "<client_token_value>"
      },
     └── config.yaml

Note
Replace `<product_name>` with the proper value.

Devo credentials

In Devo, go to Administration → Credentials → X.509 Certificates, download the Certificate, Private key and Chain CA and save them in <product_name>/certs/. Learn more about security credentials in Devo here.

Image Removed

Note
Replace `<product_name>` with the proper value.

Editing the config.yaml file

Code Block

language	yaml

globals:
  debug: false
  id: not used
  name: akamai-event-viewer
  persistence:
    type: filesystem
    config:
 "environment": "<environment_value>",
      "services": {
        "event_viewer_events": {
          "override_base_url": "<host_value>",
          "request_period_in_seconds": "<request_period_in_seconds_value>",
     directory_name: state outputs:   devo"logs_1limit":     type: devo_platform"<logs_limit_value>",
    config:       address"eventTypeId": <devo"<eventTypeId_address>value>"
      chain: <chain_filename> }
     cert: <cert_filename>}
    }
 key: <key_filename>
inputs:
  }
}

Example:

Code Block

{
  "global_overrides": {
    "debug": false
  },
  "inputs": {
    "akamai-event-viewer": {
      "id": <short_unique_id> "1234567",
      "enabled": true,
      "credentials": {
        "access_token": <access"your_access_token_value>",
        "client_secret": <client"your_client_secret_value>",
        "client_token": <client_token_value>"your_client_token"
      },
      "environment": <environment_value> "prod",
      "services": {
     list   "event_viewer_events": {
          "override_base_url": <host_value>"apiakamai.net",
          "request_period_in_seconds": <request_period_in_seconds_value> 60,
          "logs_limit": <logs_limit_value>50,
        eventTypeId: <eventTypeId_value>

Example:

Code Block

language	yaml

globals:
  debug: false "eventTypeId": "None"
  id: not_used   name: akamai-event-viewer-collector }
 persistence:     type: filesystem}
    config:}
      directory_name: state
outputs:
  devo_1:
    type: devo_platform
    config:
      address: collector-eu.devo.io
      chain: chain.crt
      cert: example.crt
      key: example.key
inputs:
  akamai-event-viewer:
    id: "123456"
    enabled: true
    environment: "prod"
    credentials:
      access_token: "your_access_token"
      client_secret: "your_client_secret"
      client_token: "your_client_token"
    services:
      list_events:
        override_base_url: "apiakamai.net"
        request_period_in_seconds: 60
        logs_limit: 5000
        eventTypeId: None

Info
All defined service entities will be executed by the collector. If you do not want to run any of them, just remove the entity from the `services` object.

Replace the placeholders with your required values following the description table below:

Parameter	Data Type	Requirement	Value Range / Format	Description
`<devo_address>`	`string`	`Mandatory`	Example: `logs.example.devo.com`	The Devo address where logs will be sent.
`<chain_filename>`	`string`	`Mandatory`	Min length: `4`	The filename of the chain certificate downloaded from Devo. Example: chain.crt.
`<cert_filename>`	`string`	`Mandatory`	Min length: `4`	The filename of your certificate downloaded from Devo. Example: your_domain.crt.
`<key_filename>`	`string`	`Mandatory`	Min length: `4`	The filename of your private key downloaded from Devo. Example: your_domain.key.
`<short_unique_id>`	`string`	`Mandatory`	Min length: `1`	Unique identifier for the collector instance.
`<enabled>`	`boolean`	`Mandatory`	`true`, `false`	Indicates whether the collector is active.
`<access_token_value>`	`string`	`Mandatory`	Min length: `1`	API access token for Akamai Event Viewer authentication.
`<client_secret_value>`	`string`	`Mandatory`	Min length: `1`	Secret key used for secure API requests.
`<client_token_value>`	`string`	`Mandatory`	Min length: `1`	Token used to identify the client in API requests.
`<environment_value>`	`string`	`Optional`	Example: `dev`, `prod`	Specifies the environment. Use `dev` for development or `prod` for production.
`<host_value>`	`string`	`Mandatory`	Host URL when making endpoint requests.	Host URL for making requests to the Event Viewer API.
`<request_period_in_seconds_value>`	`int`	`Optional`	Default: `60`	Frequency of requests in seconds.
`<logs_limit_value>`	`int`	`Optional`	Default: `5000`	Maximum number of logs to retrieve in one API request.
`<eventTypeId_value>`	`string`	`Optional`	Example: `123`	ID of the specific event type to filter the events.

Download the Docker image

The collector should be deployed as a Docker container. Download the Docker image of the collector as a .tgz file by clicking the link in the following table:

Collector Docker image

SHA-256 hash

akamai-event-viewerdocker-image.tgz

4848119d70d97a1f6f1a89591df9938c1291a2e0e1844ce881ee6167fe5818fe

Use the following command to add the Docker image to the system:

Code Block
gunzip -c <image_file>-<version>.tgz \| docker load

Note
Once the Docker image is imported, it will show the real name of the Docker image (including version info). Replace `<image_file>` and `<version>` with a proper value.

The Docker image can be deployed on the following services:

Docker

Execute the following command on the root directory <any_directory>/devo-collectors/<product_name>/

Code Block

docker run 
--name collector-<product_name> 
--volume $PWD/certs:/devo-collector/certs 
--volume $PWD/config:/devo-collector/config 
--volume $PWD/state:/devo-collector/state 
--env CONFIG_FILE=config.yaml 
--rm 
--interactive 
--tty 
<image_name>:<version>

Note
Replace `<product_name>`, `<image_name>` and `<version>` with the proper values.

Docker Compose

The following Docker Compose file can be used to execute the Docker container. It must be created in the <any_directory>/devo-collectors/<product_name>/ directory.

Code Block

version: '3'
services:
  collector-<product_name>:
    image: <image_name>:${IMAGE_VERSION:-latest}
    container_name: collector-<product_name>
    volumes:
      - ./certs:/devo-collector/certs
      - ./config:/devo-collector/config
      - ./credentials:/devo-collector/credentials
      - ./state:/devo-collector/state
    environment:
      - CONFIG_FILE=${CONFIG_FILE:-config.yaml}

To run the container using docker-compose, execute the following command from the <any_directory>/devo-collectors/<product_name>/ directory:

Code Block
IMAGE_VERSION=<version> docker-compose up -d

Note
Replace `<product_name>`, `<image_name>` and `<version>` with the proper values.

Rw tab

title	Cloud collector

We use a piece of software called Collector Server to host and manage all our available collectors. If you want us to host this collector for you, get in touch with us and we will guide you through the configuration.

To enable the collector for a customer:

In the Collector Server GUI, access the domain in which you want this instance to be created
Click Add Collector and find the one you wish to add.
In the Version field, select the latest value.
In the Collector Name field, set the value you prefer (this name must be unique inside the same Collector Server domain).
In the sending method select Direct Send. Direct Send configuration is optional for collectors that create Table events, but mandatory for those that create Lookups.
In the Parameters section, establish the Collector Parameters as follows below:

Editing the JSON configuration

Code Block

language	json

{
  "global_overrides": {
    "debug": false
  },
  "inputs": {
    "akamai-event-viewer": {
      "id": "<short_unique_id>",
      "enabled": true,
      "credentials": {
        "access_token": "<access_token_value>",
        "client_secret": "<client_secret_value>",
        "client_token": "<client_token_value>"
      },
      "environment": "<environment_value>",
      "services": {
        "list_events": {
          "override_base_url": "<host_value>",
          "request_period_in_seconds": "<request_period_in_seconds_value>",
          "logs_limit": "<logs_limit_value>",
          "eventTypeId": "<eventTypeId_value>"
        }
      }
    }
  }
}

Example:

Code Block

{
  "global_overrides": {
    "debug": false
  },
  "inputs": {
    "akamai-event-viewer": {
      "id": "1234567",
      "enabled": true,
      "credentials": {
        "access_token": "your_access_token",
        "client_secret": "your_client_secret",
        "client_token": "your_client_token"
      },
      "environment": "prod",
      "services": {
        "list_events": {
          "override_base_url": "apiakamai.net",
          "request_period_in_seconds": 60,
          "logs_limit": 5000,
          "eventTypeId": "None"
        }
      }
    }
  }
}

The following table outlines the parameters available for configuring the collector. Each parameter is categorized by its necessity (mandatory or optional), data type, acceptable values or formats, and a brief description.

Parameter	Data Type	Requirement	Value Range / Format	Description
`<short_unique_id>`	`string`	`Mandatory`	Min length: `1`	Unique identifier for the collector instance.
`<enabled>`	`boolean`	`Mandatory`	`true`, `false`	Indicates whether the collector is active.
`<access_token_value>`	`string`	`Mandatory`	Min length: `1`	API access token for Akamai Event Viewer authentication.
`<client_secret_value>`	`string`	`Mandatory`	Min length: `1`	Secret key used for secure API requests.
`<client_token_value>`	`string`	`Mandatory`	Min length: `1`	Token used to identify the client in API requests.
`<environment_value>`	`string`	`Optional`	Example: `dev`, `prod`	Specifies the environment. Use `dev` for development or `prod` for production.
`<host_value>`	`string`	`Mandatory`	Host URL when making endpoint requests.	Host URL for making requests to the Event Viewer API.
`<request_period_in_seconds_value>`	`integer`	`Optional`	Default: `60`	Frequency of requests in seconds.
`<logs_limit_value>`	`integer`	`Optional`	Default: `5000`	Maximum number of logs to retrieve in one API request.
`<eventTypeId_value>`	`string`	`Optional`	Example: `123`	ID of the specific event type to filter the events.

...

}
}

The following table outlines the parameters available for configuring the collector. Each parameter is categorized by its necessity (mandatory or optional), data type, acceptable values or formats, and a brief description.

Parameter	Data Type	Requirement	Value Range / Format	Description
`<short_unique_id>`	`string`	`Mandatory`	Min length: `1`	Unique identifier for the collector instance.
`<enabled>`	`boolean`	`Mandatory`	`true`, `false`	Indicates whether the collector is active.
`<access_token_value>`	`string`	`Mandatory`	Min length: `1`	API access token for Akamai Event Viewer authentication.
`<client_secret_value>`	`string`	`Mandatory`	Min length: `1`	Secret key used for secure API requests.
`<client_token_value>`	`string`	`Mandatory`	Min length: `1`	Token used to identify the client in API requests.
`<environment_value>`	`string`	`Optional`	Example: `dev`, `prod`	Specifies the environment. Use `dev` for development or `prod` for production.
`<host_value>`	`string`	`Mandatory`	Host URL when making endpoint requests.	Host URL for making requests to the Event Viewer API.
`<request_period_in_seconds_value>`	`integer`	`Optional`	Default: `60`	Frequency of requests in seconds.
`<logs_limit_value>`	`integer`	`Mandatory`	`Min Value: 1` `Max Value: 50`	Maximum number of logs to retrieve in one API request. `(Or check the doc of akamai for range of limits).`
`<eventTypeId_value>`	`string`	`Mandatory`	Example: `123`	ID of the specific event type to filter the events.

Rw tab

title	On-premise collector

This data collector can be run in any machine that has the Docker service available because it should be executed as a docker container. The following sections explain how to prepare all the required setup for having the data collector running.

Structure

The following directory structure should be created for being used when running the collector:

Code Block

<any_directory>
└── devo-collectors/
    └── <product_name>/
        ├── certs/
        │   ├── chain.crt
        │   ├── <your_domain>.key
        │   └── <your_domain>.crt
        ├── state/
        └── config/ 
            └── config.yaml

Note
Replace `<product_name>` with the proper value.

Devo credentials

In Devo, go to Administration → Credentials → X.509 Certificates, download the Certificate, Private key and Chain CA and save them in <product_name>/certs/. Learn more about security credentials in Devo here.

Image Added

Note
Replace `<product_name>` with the proper value.

Editing the config.yaml file

Code Block

language	yaml

globals:
  debug: false
  id: not used
  name: akamai-event-viewer
  persistence:
    type: filesystem
    config:
      directory_name: state
outputs:
  devo_1:
    type: devo_platform
    config:
      address: <devo_address>
      chain: <chain_filename>
      cert: <cert_filename>
      key: <key_filename>
inputs:
  akamai-event-viewer:
    id: <short_unique_id>
    enabled: true
    credentials:
      access_token: <access_token_value>
      client_secret: <client_secret_value>
      client_token: <client_token_value>
    environment: <environment_value>
    services:
      event_viewer_events:
        override_base_url: <host_value>
        request_period_in_seconds: <request_period_in_seconds_value>
        logs_limit: <logs_limit_value>
        eventTypeId: <eventTypeId_value>

Example:

Code Block

language	yaml

globals:
  debug: false
  id: not_used
  name: akamai-event-viewer-collector
  persistence:
    type: filesystem
    config:
      directory_name: state
outputs:
  devo_1:
    type: devo_platform
    config:
      address: collector-eu.devo.io
      chain: chain.crt
      cert: example.crt
      key: example.key
inputs:
  akamai-event-viewer:
    id: "123456"
    enabled: true
    environment: "prod"
    credentials:
      access_token: "your_access_token"
      client_secret: "your_client_secret"
      client_token: "your_client_token"
    services:
      event_viewer_events:
        override_base_url: "apiakamai.net"
        request_period_in_seconds: 60
        logs_limit: 50
        eventTypeId: None

Info
All defined service entities will be executed by the collector. If you do not want to run any of them, just remove the entity from the `services` object.

Replace the placeholders with your required values following the description table below:

Parameter	Data Type	Requirement	Value Range / Format	Description
`<devo_address>`	`string`	`Mandatory`	Example: `logs.example.devo.com`	The Devo address where logs will be sent.
`<chain_filename>`	`string`	`Mandatory`	Min length: `4`	The filename of the chain certificate downloaded from Devo. Example: chain.crt.
`<cert_filename>`	`string`	`Mandatory`	Min length: `4`	The filename of your certificate downloaded from Devo. Example: your_domain.crt.
`<key_filename>`	`string`	`Mandatory`	Min length: `4`	The filename of your private key downloaded from Devo. Example: your_domain.key.
`<short_unique_id>`	`string`	`Mandatory`	Min length: `1`	Unique identifier for the collector instance.
`<enabled>`	`boolean`	`Mandatory`	`true`, `false`	Indicates whether the collector is active.
`<access_token_value>`	`string`	`Mandatory`	Min length: `1`	API access token for Akamai Event Viewer authentication.
`<client_secret_value>`	`string`	`Mandatory`	Min length: `1`	Secret key used for secure API requests.
`<client_token_value>`	`string`	`Mandatory`	Min length: `1`	Token used to identify the client in API requests.
`<environment_value>`	`string`	`Optional`	Example: `dev`, `prod`	Specifies the environment. Use `dev` for development or `prod` for production.
`<host_value>`	`string`	`Mandatory`	Host URL when making endpoint requests.	Host URL for making requests to the Event Viewer API.
`<request_period_in_seconds_value>`	`int`	`Optional`	Default: `60`	Frequency of requests in seconds.
`<logs_limit_value>`	`int`	`Mandatory`	`Min Value: 1` `Max Value: 50`	Maximum number of logs to retrieve in one API request.`(Or check the doc of akamai for range of limits).`
`<eventTypeId_value>`	`string`	`Mandatory`	Example: `123`	ID of the specific event type to filter the events.

Download the Docker image

The collector should be deployed as a Docker container. Download the Docker image of the collector as a .tgz file by clicking the link in the following table:

Collector Docker image	SHA-256 hash
akamai-event-viewerdocker-image-1.0.1.tgz	`3e80c3b0dcdde9c8dd8f10096a31a5c4c4d7eff3c1e8b162a7da19f5d57decb3`

Use the following command to add the Docker image to the system:

Code Block
gunzip -c <image_file>-<version>.tgz \| docker load

Note
Once the Docker image is imported, it will show the real name of the Docker image (including version info). Replace `<image_file>` and `<version>` with a proper value.

The Docker image can be deployed on the following services:

Docker

Execute the following command on the root directory <any_directory>/devo-collectors/<product_name>/

Code Block

docker run 
--name collector-<product_name> 
--volume $PWD/certs:/devo-collector/certs 
--volume $PWD/config:/devo-collector/config 
--volume $PWD/state:/devo-collector/state 
--env CONFIG_FILE=config.yaml 
--rm 
--interactive 
--tty 
<image_name>:<version>

Note
Replace `<product_name>`, `<image_name>` and `<version>` with the proper values.

Docker Compose

The following Docker Compose file can be used to execute the Docker container. It must be created in the <any_directory>/devo-collectors/<product_name>/ directory.

Code Block

version: '3'
services:
  collector-<product_name>:
    image: <image_name>:${IMAGE_VERSION:-latest}
    container_name: collector-<product_name>
    volumes:
      - ./certs:/devo-collector/certs
      - ./config:/devo-collector/config
      - ./credentials:/devo-collector/credentials
      - ./state:/devo-collector/state
    environment:
      - CONFIG_FILE=${CONFIG_FILE:-config.yaml}

To run the container using docker-compose, execute the following command from the <any_directory>/devo-collectors/<product_name>/ directory:

Code Block
IMAGE_VERSION=<version> docker-compose up -d

Note
Replace `<product_name>`, `<image_name>` and `<version>` with the proper values.

This section is intended to explain how to proceed with specific actions for services.

...

Expand

title	Enable/disable the logging debug mode

Sometimes it is necessary to activate the debug mode of the collector's logging. This debug mode increases the verbosity of the log and allows you to print execution traces that are very helpful in resolving incidents or detecting bottlenecks in heavy download processes.

To enable this option you just need to edit the configuration file and change the debug_status parameter from false to true and restart the collector.
To disable this option, you just need to update the configuration file and change the debug_status parameter from true to false and restart the collector.

For more information, visit the configuration and parameterization section corresponding to the chosen deployment mode.

Change log for v1.x.x

Release

Released on

Release type

Details

Recommendations

v1.0.1

06 Feb 2025

Status

colour	Red
title	FIX

Changed service name in example_params.json

Recommended version

v1.0.0

10 Jan 2025

Status

colour	Purple
title	NEW FEATURE

The Akamai Event Viewer Collector aggregates and streams security event data from Akamai's platform for monitoring and analysis.

Recommended version

Upgrade

Version	Old Version 1	New Version Current
Changes made by	Andrea Vazquez Varela	Virginia Camuñas Núñez
Saved on	Jan 16, 2025	Feb 17, 2025

Versions Compared

Key

Devo collector features

Data sources

Flattening preprocessing

Accepted authentication methods

Run the collector

Structure

Editing the JSON configuration

Devo credentials

Editing the config.yaml file

Download the Docker image

Docker

Docker Compose

Editing the JSON configuration

Structure

Devo credentials

Editing the config.yaml file

Download the Docker image

Docker

Docker Compose

Change log for v1.x.x